[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Thu, Oct 18, 2012 at 9:19 PM, Christoph Anton Mitterer wrote:
> 2) downgrade attacks
> These have the same idea as blocking attacks (prevent the user to get
> updates) but are a bit smarter.
> You don't simply block any update requests, but rather you sent the user
> old repository data. These are correctly signed by Debian... just...
> they are old and do not yet know about the updates.
>
> The only way of preventing this was, if apt/aptitude would utterly bail
> out/print error messages/give non-zero exit statuses if the repo-data
> they are working on are older than <some well thought time interval>
> (typically that would be something around the mirror update interval).
>
> Of course the time of a Release file would have to be signed ;)

The release files *are* signed.  Try using snapshot.debian.org (older
than 2 weeks I think) as an apt source.  It will fail loudly that the
release file is expired.

This is a whole lot of speculation about things that are already
handled.  Please think about how you could demonstrate to yourself
before pressing it on the rest of the world.

Best wishes,
Mike
Reply to: